Gmail Takes the Lead on Email Security
By Peter Eckersley
Last night, Google announced that Gmail sessions will now be fully encrypted with HTTPS by default. This is excellent news — EFF congratulates Google for taking this significant step to safeguard their users' privacy and security.
Previously, it was possible to encrypt your access to Gmail, but it required altering the default configuration. Now every Gmail user will get the benefits of encryption without needing to know that they need it.
With this development, Google has taken a clear two-step lead over its competition: other major hubs for personal communication such as Facebook, Yahoo! mail, Hotmail, and LiveJournal do not even make the use of HTTPS possible, let alone the default. A handful of smaller, specialist webmail providers do offer HTTPS, but Google is alone in bringing basic email security to the mainstream Web.
Frankly, it's time for Facebook, Yahoo!, Microsoft, and company to raise their game. If you are using those email services, then anyone using the same local network as you can read your communications or break into your account. And that's just not good enough.
P.S.: A great next step for Google would be to implement HTTPS for Google Search. Until that happens, the only way to get private, encrypted searches is by using a an HTTPS search engine like Ixquick or a third-party proxy to Google like ssl.scroogle.org, which requires users to trust the proxy operator. We understand that there are some latency costs to delivering search over HTTPS, and while new standards are needed to solve that problem, there's no reason not to offer optional search encryption in the mean time.